Identity Finder

All universities, as well as other public and private entities, must make all reasonable
efforts to ensure the security of the data they maintain. Certain data, known collectively
as Personally Identifiable Information (PII), require more stringent safeguards than
other types of data.

The MTSU Information Security Policy I:03:06 dated July 1, 2009, covers the protection
of University information in all its forms. It discusses what PII is, how it may
be handled and stored, along with measures taken to safeguard that data.

Section V.J. of the Information Security Policy specifically addresses storage of
PII, stating that, where possible, all records containing PII shall be stored on secure
network drives with access limited to those individuals or entities that require access
to perform a legitimate University function. Individual workstations, laptops, mobile
storage devices and other personal computers (e.g., PDAs and home computers, etc.)
shall not be used to store records containing PII except where permitted by policy.

To help the University meet the requirements of that policy, the Information Technology
Division (ITD) is installing Identity Finder, an auditing software package, on all
PCs and Mac computers across the campus. Identity Finder replaces an existing manual
process with an automatic process to ensure employee computers comply with section
V.J. of the University’s Information Security Policy.

Identity Finder behaves very similarly to our anti-virus solution. The software scans
the local desktop, and if it detects a possible issue, an alert will be generated
to the management console. ITD Security will contact the user to work together to
ensure the alert is valid, and if so, to secure the information.

The purpose of Identity Finder is to identify PII only. It does not perform an inventory
of software or software licenses, or evaluate data in any way. Any data outside the
scope of PII is ignored. Data that is within the scope of Identity Finder includes:

Social Security Numbers

Credit Card and PCI Data

Bank Account Numbers

The data that generates an issue is NOT sent back to the central management console.
Only the computer name, data type (SSN, credit card number, etc.), and data location
are maintained by the central management console.

Identity Finder will be automatically installed on all Windows computers connected
to the FSA domain by April 1, 2013. Non-FSA domain computers, along with all Mac computers, will be installed manually
until an automatic process can be developed.

Once installed, the software is configured to scan the computer on the first Thursday
of each month at 2:00 a.m. Please ensure you leave your computer powered on overnight,
with your account logged out.

You may read the Information Security Policy in full by clicking here.

Middle Tennessee State University, in its educational programs and activities involving students and employees, does not discriminate on the basis of race, color, religion, creed, ethnic or national origin, sex, sexual orientation, gender identity/expression, disability, age (as applicable), status as a covered veteran or genetic information. For more information see Middle Tennessee State University. | Nondiscrimination Policy